From 66397ac8d5e95f43ae6ff33fad00011328e6536f Mon Sep 17 00:00:00 2001
From: Arthur Grisel-Davy
Date: Tue, 1 Aug 2023 16:26:16 -0400
Subject: [PATCH] add results for bpv
---
 PhD/research_proposal/pastwork.tex | 38 +++++++++++++++++++-------
 PhD/research_proposal/presentation.tex | 27 ++++++++++++++----
 PhD/research_proposal/proposal.tex | 2 ++
 3 files changed, 52 insertions(+), 15 deletions(-)
diff --git a/PhD/research_proposal/pastwork.tex b/PhD/research_proposal/pastwork.tex
index f814ec6..f2c2802 100644
--- a/PhD/research_proposal/pastwork.tex
+++ b/PhD/research_proposal/pastwork.tex
@@ -176,24 +176,42 @@ The distance of each new trace to the reference average is computed and compared
 If the distance is above the pre-computed threshold, the new trace is considered anomalous.
 \subsection{Results}
-We evaluated the \gls{bpv} on three occasions.
+We evaluated the \gls{bpv} on two occasions.
 First, we assembled a panel of relevant devices, including switches, \gls{wap} and \gls{pc}.
 The evaluations revealed that the \gls{bpv} performed better on simpler devices like switches and \gls{wap} compared to general-purpose computers.
 This is mainly due to the reduced variability and noise in the traces captured from simpler devices that produce a more robust model.
 This first study leads to the publication of a work-in-progress paper in the EMSOFT 2022 conference \cite{grisel2022work} that describes the design and capabilities of the \gls{bpv} in its first version.
-Then, we performed a case study with an industry partner on \gls{rtu}.
-The \gls{rtu} was composed of one low-complexity embedded system and one main general-purpose computer.
-The computer's activity overtook most of the other information in the trace and made it more difficult to detect subtle variations.
-However, the \gls{bpv} could still detect intrusions in the computer from the global trace.
-For example, a user modifying some settings through the \gls{bios} or booting into a different \gls{os} was detected.
-This case study revealed that some systems could have multiple valid modes of the boot sequence.
-This discovery enabled us to rethink the model of the \gls{bpv} to allow such variations.
-We performed the final evaluation on a drone.
+%Then, we performed a case study with an industry partner on \gls{rtu}.
+%The \gls{rtu} was composed of one low-complexity embedded system and one main general-purpose computer.
+%The computer's activity overtook most of the other information in the trace and made it more difficult to detect subtle variations.
+%However, the \gls{bpv} could still detect intrusions in the computer from the global trace.
+%For example, a user modifying some settings through the \gls{bios} or booting into a different \gls{os} was detected.
+%This case study revealed that some systems could have multiple valid modes of the boot sequence.
+%This discovery enabled us to rethink the model of the \gls{bpv} to allow such variations.
+We performed the second evaluation on a drone.
 A drone is a prime machine for the \gls{bpv} as its low complexity allows for consistent boot traces.
 We successfully detected different firmware versions by leveraging the information from the two previous experiments.
 Along the evaluations, the \gls{bpv} capabilities have been modified to adapt to specific cases and enable anomalous training samples, multi-model evaluations, and autonomous learning.
-\agd{add results}
+\begin{table}[ht]
+ \centering
+ \begin{tabular}{lccc}
+ \toprule
+ \textbf{Test Case} & \textbf{Experiment} & \textbf{F1 Score} \tabularnewline
+ \toprule
+ \multirow{4}*{Network Devices} & TP-Link switch & 0.87\tabularnewline
+ & HP switch & 0.98 \tabularnewline
+ & Asus Router & 1.00\tabularnewline
+ & Linksys Router & 0.92\tabularnewline
+ \midrule
+ \multirow{4}*{Drone} & Original & 1.00\tabularnewline
+ & Compiled & 1.00\tabularnewline
+ & Low Battery & 1.00\tabularnewline
+ & Bootloader Bug & 1.00\tabularnewline
+ \bottomrule
+ \end{tabular}
+ \label{tab:fw-results}
+\end{table}
 \newpage
 \section{State Detection and Segmentation}
diff --git a/PhD/research_proposal/presentation.tex b/PhD/research_proposal/presentation.tex
index 42c77af..5bc87d2 100644
--- a/PhD/research_proposal/presentation.tex
+++ b/PhD/research_proposal/presentation.tex
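Review bot: The new table carries `\label{tab:fw-results}` but no `\caption`, so the table receives no number and the label binds to the section counter; any `\ref{tab:fw-results}` will print a section number. Add a caption before the label and use it to state the positive class and the number of boot traces behind each F1 score, because a reader cannot tell from `1.00` alone whether `Low Battery` was flagged as anomalous or accepted as a valid boot mode, e.g. `\caption{F1 score of the \gls{bpv} per test case. [fill in: traces per experiment and which outcome counts as positive]}` directly above `\label{tab:fw-results}`. `\begin{tabular}{lccc}` declares four columns for three cells, and the second `\toprule` under the header row should be `\midrule`; the copy of this table in the last hunk of presentation.tex has both issues. With the RTU study commented out, the unchanged `from the two previous experiments` now contradicts the new `on two occasions`, since only one experiment precedes the drone.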
@@ -98,7 +98,6 @@
 & AC SVM & & \numprint[\%]{99.5} \tabularnewline
 \bottomrule
 \end{tabular}
- \label{tab:fw-results}
 \end{table}
 \footnote{Published in \textit{Side-channel Based Runtime Intrusion Detection for Network Equipment} at MLCS (Workshop of ECML-PKDD 2023)}
@@ -110,9 +109,6 @@
 \includegraphics[height=0.9\textheight]{images/xpsu_illustration.pdf}
 \end{figure}
 \end{frame}
-\begin{frame}{ Preliminary Work - xPSU}
-
-\end{frame}
 \begin{frame}{Preliminary Work - SDS \& BPV}
 \begin{figure}
@@ -124,8 +120,29 @@
 \begin{frame}{Preliminary Work - SDS \& BPV}
 \begin{figure}
 \centering
- \includegraphics[width=0.8\textwidth]{images/training_bpv.pdf}
+ \includegraphics[width=0.9\textwidth]{images/training_bpv.pdf}
 \end{figure}
+\end{frame}
+
+\begin{frame}{Preliminary Work - SDS \& BPV}
+\begin{table}[ht]
+\centering
+\begin{tabular}{lccc}
+ \toprule
+ \textbf{Test Case} & \textbf{Experiment} & \textbf{F1 Score} \tabularnewline
+ \toprule
+ \multirow{4}*{Network Devices} & TP-Link switch & 0.87\tabularnewline
+ & HP switch & 0.98 \tabularnewline
+ & Asus Router & 1.00\tabularnewline
+ & Linksys Router & 0.92\tabularnewline
+ \midrule
+ \multirow{4}*{Drone} & Original & 1.00\tabularnewline
+ & Compiled & 1.00\tabularnewline
+ & Low Battery & 1.00\tabularnewline
+ & Bootloader Bug & 1.00\tabularnewline
+ \bottomrule
+\end{tabular}
+\end{table}
 \footnote{Published in \textit{Work-in-Progress: Boot Sequence Integrity Verification with Power Analysis} at EMSOFT 2022\\ and in \textit{Independent Boot Process Verification using Side-Channel Power Analysis} at QRS 2023}
 \end{frame}
diff --git a/PhD/research_proposal/proposal.tex b/PhD/research_proposal/proposal.tex
index e68b30d..65b63d5 100644
--- a/PhD/research_proposal/proposal.tex
+++ b/PhD/research_proposal/proposal.tex
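Review bot: The F1 table in the last hunk is pasted verbatim from pastwork.tex, so the two copies will drift the next time a result is corrected; keep the `tabular` in one shared fragment and `\input` it from both documents, which appear to live in the same PhD/research_proposal directory. The `[ht]` argument on `\begin{table}` is ignored by beamer, whose frames do not float tables, so `\begin{table}` alone is enough. The first hunk drops `\label{tab:fw-results}` from the earlier AC SVM table; if a `\ref{tab:fw-results}` remains elsewhere in presentation.tex it now resolves to an undefined reference, which cannot be confirmed from the hunk.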
@@ -133,6 +133,8 @@
 }{} % end of ifthenelse (no else)
 \usepackage{cite}
+\usepackage{multirow}
+\usepackage{booktabs}
 \usepackage[acronyms]{glossaries} % Exception to the rule of hyperref being the last add-on package
 % If glossaries-extra is not in your LaTeX distribution, get it from CTAN (http://ctan.org/pkg/glossaries-extra),
 % although it's supposed to be in both the TeX Live and MikTeX distributions. There are also documentation and